manager

package
v0.0.0-...-4b25d55 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 20, 2024 License: Apache-2.0 Imports: 45 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DoHTML int = iota
	DoSubsystemCover
	DoModuleCover
	DoFuncCover
	DoFileCover
	DoRawCoverFiles
	DoRawCover
	DoFilterPCs
	DoCoverJSONL
)
View Source 
const CurrentDBVersion = 5
View Source 
const MaxReproAttempts = 3
View Source 
const ReminimizeThreshold = 15

Programs that do more than 15 system calls are to be treated with suspicion and re-minimized.

Variables

This section is empty.

Functions

func CoverToPCs 

func CoverToPCs(cfg *mgrconfig.Config, cov []uint64) []uint64

func CoverageFilter 

func CoverageFilter(source *ReportGeneratorWrapper, covCfg mgrconfig.CovFilterCfg,
	strict bool) (map[uint64]struct{}, error)

func PCsToCover 

func PCsToCover(cfg *mgrconfig.Config, pcs map[uint64]struct{}) map[uint64]struct{}

func ParseSeed 

func ParseSeed(target *prog.Target, data []byte) (*prog.Prog, error)

func ParseSeedStrict 

func ParseSeedStrict(target *prog.Target, data []byte) (*prog.Prog, error)

Types

type BugInfo 

type BugInfo struct {
	ID            string
	Title         string
	LastTime      time.Time
	HasRepro      bool
	HasCRepro     bool
	StraceFile    string // relative to the workdir
	ReproAttempts int
	Crashes       []*CrashInfo
}

type BugReport 

type BugReport struct {
	Title  string
	Tag    string
	Prog   []byte
	CProg  []byte
	Report []byte
}

type CoverageFilters 

type CoverageFilters struct {
	Areas          []corpus.FocusArea
	ExecutorFilter map[uint64]struct{}
}

func PrepareCoverageFilters 

func PrepareCoverageFilters(source *ReportGeneratorWrapper, cfg *mgrconfig.Config,
	strict bool) (CoverageFilters, error)

type CoverageInfo 

type CoverageInfo struct {
	Modules         []*vminfo.KernelModule
	ReportGenerator *ReportGeneratorWrapper
	CoverFilter     map[uint64]struct{}
}

type Crash 

type Crash struct {
	InstanceIndex int
	FromHub       bool // this crash was created based on a repro from syz-hub
	FromDashboard bool // .. or from dashboard
	Manual        bool
	*report.Report
}

func (*Crash) FullTitle 

func (c *Crash) FullTitle() string

type CrashInfo 

type CrashInfo struct {
	Index int
	Log   string // filename relative to the workdir

	// These fields are only set if full=true.
	Tag    string
	Report string // filename relative to workdir
	Time   time.Time
}

type CrashStore 

type CrashStore struct {
	Tag          string
	BaseDir      string
	MaxCrashLogs int
	MaxReproLogs int
}

func NewCrashStore 

func NewCrashStore(cfg *mgrconfig.Config) *CrashStore

func ReadCrashStore 

func ReadCrashStore(workdir string) *CrashStore

func (*CrashStore) BugInfo 

func (cs *CrashStore) BugInfo(id string, full bool) (*BugInfo, error)

func (*CrashStore) BugList 

func (cs *CrashStore) BugList() ([]*BugInfo, error)

func (*CrashStore) HasRepro 

func (cs *CrashStore) HasRepro(title string) bool

func (*CrashStore) MoreReproAttempts 

func (cs *CrashStore) MoreReproAttempts(title string) bool

func (*CrashStore) Report 

func (cs *CrashStore) Report(id string) (*BugReport, error)

func (*CrashStore) SaveCrash 

func (cs *CrashStore) SaveCrash(crash *Crash) (bool, error)

Returns whether it was the first crash of a kind.

func (*CrashStore) SaveFailedRepro 

func (cs *CrashStore) SaveFailedRepro(title string, log []byte) error

func (*CrashStore) SaveRepro 

func (cs *CrashStore) SaveRepro(res *ReproResult, progText, cProgText []byte) error

type DiffBug 

type DiffBug struct {
	Title   string
	Base    DiffBugInfo
	Patched DiffBugInfo
}

func (DiffBug) AffectsBoth 

func (bug DiffBug) AffectsBoth() bool

func (DiffBug) PatchedOnly 

func (bug DiffBug) PatchedOnly() bool

type DiffBugInfo 

type DiffBugInfo struct {
	Crashes    int  // Count of detected crashes.
	NotCrashed bool // If were proven not to crash by running a repro.

	// File paths.
	Report   string
	Repro    string
	ReproLog string
	CrashLog string
}

type DiffFuzzerStore 

type DiffFuzzerStore struct {
	BasePath string
	// contains filtered or unexported fields
}

DiffFuzzerStore provides the functionality of a database of the patch fuzzing.

func (*DiffFuzzerStore) BaseCrashed 

func (s *DiffFuzzerStore) BaseCrashed(title string, report []byte)

func (*DiffFuzzerStore) BaseNotCrashed 

func (s *DiffFuzzerStore) BaseNotCrashed(title string)

func (*DiffFuzzerStore) EverCrashedBase 

func (s *DiffFuzzerStore) EverCrashedBase(title string) bool

func (*DiffFuzzerStore) List 

func (s *DiffFuzzerStore) List() []DiffBug

func (*DiffFuzzerStore) PatchedCrashed 

func (s *DiffFuzzerStore) PatchedCrashed(title string, report, log []byte)

func (*DiffFuzzerStore) SaveRepro 

func (s *DiffFuzzerStore) SaveRepro(result *ReproResult)

type FilteredCandidates 

type FilteredCandidates struct {
	Candidates     []fuzzer.Candidate
	ModifiedHashes []string
	SeedCount      int
}

func FilterCandidates 

func FilterCandidates(candidates []fuzzer.Candidate, syscalls map[*prog.Syscall]bool,
	dropMinimize bool) FilteredCandidates

func (*FilteredCandidates) ReminimizeSubset 

func (fc *FilteredCandidates) ReminimizeSubset() int

ReminimizeSubset clears the fuzzer.ProgMinimized flag of a small subset of seeds. The ultimate objective is to gradually clean up the poorly minimized corpus programs. ReminimizeSubset assumes that candidates are sorted in the order of ascending len(Prog.Calls).

func (*FilteredCandidates) ResmashSubset 

func (fc *FilteredCandidates) ResmashSubset() int

resmashSubset clears fuzzer.ProgSmashes for a subset of seeds. We smash the program only once after we add it to the corpus, but it can be that either it did not finish before the instance was restarted, or the fuzzing algorithms have become smarter over time, or just that kernel code changed over time. It would be best to track it in pkg/db, but until it's capable of that, let's just re-smash some corpus subset on each syz-manager restart.

type HTTPServer 

type HTTPServer struct {
	// To be set before calling Serve.
	Cfg         *mgrconfig.Config
	StartTime   time.Time
	CrashStore  *CrashStore
	DiffStore   *DiffFuzzerStore
	ReproLoop   *ReproLoop
	Pool        *vm.Dispatcher
	Pools       map[string]*vm.Dispatcher
	TogglePause func(paused bool)

	// Can be set dynamically after calling Serve.
	Corpus          atomic.Pointer[corpus.Corpus]
	Fuzzer          atomic.Pointer[fuzzer.Fuzzer]
	Cover           atomic.Pointer[CoverageInfo]
	EnabledSyscalls atomic.Value // map[*prog.Syscall]bool
	// contains filtered or unexported fields
}

func (*HTTPServer) Serve 

func (serv *HTTPServer) Serve()

type ReportGeneratorWrapper 

type ReportGeneratorWrapper struct {
	// contains filtered or unexported fields
}

func ReportGeneratorCache 

func ReportGeneratorCache(cfg *mgrconfig.Config) *ReportGeneratorWrapper

func (*ReportGeneratorWrapper) Get 

func (w *ReportGeneratorWrapper) Get() (*cover.ReportGenerator, error)

func (*ReportGeneratorWrapper) Init 

func (w *ReportGeneratorWrapper) Init(modules []*vminfo.KernelModule)

func (*ReportGeneratorWrapper) Reset 

func (w *ReportGeneratorWrapper) Reset()

type ReproLoop 

type ReproLoop struct {
	// contains filtered or unexported fields
}

func NewReproLoop 

func NewReproLoop(mgr ReproManagerView, reproVMs int, onlyOnce bool) *ReproLoop

func (*ReproLoop) CanReproMore 

func (r *ReproLoop) CanReproMore() bool

func (*ReproLoop) Empty 

func (r *ReproLoop) Empty() bool

Empty returns true if there are neither running nor planned bug reproductions.

func (*ReproLoop) Enqueue 

func (r *ReproLoop) Enqueue(crash *Crash)

func (*ReproLoop) Loop 

func (r *ReproLoop) Loop(ctx context.Context)

func (*ReproLoop) Reproducing 

func (r *ReproLoop) Reproducing() map[string]bool

type ReproManagerView 

type ReproManagerView interface {
	RunRepro(crash *Crash) *ReproResult
	NeedRepro(crash *Crash) bool
	ResizeReproPool(size int)
}

type ReproResult 

type ReproResult struct {
	Crash  *Crash // the original crash
	Repro  *repro.Result
	Strace *repro.StraceResult
	Stats  *repro.Stats
	Err    error
}

type Seeds 

type Seeds struct {
	CorpusDB   *db.DB
	Fresh      bool
	Candidates []fuzzer.Candidate
}

func LoadSeeds 

func LoadSeeds(cfg *mgrconfig.Config, immutable bool) Seeds

type UICallType 

type UICallType struct {
	Name           string
	ID             *int
	Inputs         int
	Total          int
	Cover          int
	CoverOverflows int
	CompsOverflows int
}

type UICorpusPage 

type UICorpusPage struct {
	UIPageHeader
	Call     string
	RawCover bool
	Inputs   []UIInput
}

type UICrash 

type UICrash struct {
	CrashInfo
	Active bool
}

type UICrashPage 

type UICrashPage struct {
	UIPageHeader
	UICrashType
}

type UICrashType 

type UICrashType struct {
	Description string
	LastTime    time.Time
	Active      bool
	ID          string
	Count       int
	Triaged     string
	Strace      string
	Crashes     []UICrash
}

type UIDiffBug 

type UIDiffBug struct {
	DiffBug
	Reproducing bool
}

type UIDiffTable 

type UIDiffTable struct {
	Title string
	List  []UIDiffBug
}

type UIFallbackCall 

type UIFallbackCall struct {
	Name       string
	Successful int
	Errnos     []int
}

type UIFallbackCoverData 

type UIFallbackCoverData struct {
	UIPageHeader
	Calls []UIFallbackCall
}

type UIInput 

type UIInput struct {
	Sig   string
	Short string
	Cover int
}

type UIJobInfo 

type UIJobInfo struct {
	ID    string
	Short string
	Calls string
	Execs int32
}

type UIJobList 

type UIJobList struct {
	UIPageHeader
	Jobs []UIJobInfo
}

type UIPageHeader 

type UIPageHeader struct {
	PageTitle string
	// Relative page URL w/o GET parameters (e.g. "/stats").
	URLPath string
	// Relative page URL with GET parameters/fragment/etc (e.g. "/stats?foo=1#bar").
	CurrentURL string
	// syzkaller build git revision and link.
	GitRevision     string
	GitRevisionLink string
	ExpertMode      bool
	Paused          bool
}

type UIPrio 

type UIPrio struct {
	Call string
	Prio int32
}

type UIPrioData 

type UIPrioData struct {
	UIPageHeader
	Call  string
	Prios []UIPrio
}

type UIRawCallCover 

type UIRawCallCover struct {
	Sig       string
	Call      string
	UpdateIDs []int
}

type UIRawCoverPage 

type UIRawCoverPage struct {
	UIPageHeader
	Calls []UIRawCallCover
}

type UIStat 

type UIStat struct {
	Name  string
	Value string
	Hint  string
	Link  string
}

type UISummaryData 

type UISummaryData struct {
	UIPageHeader
	Stats       []UIStat
	Crashes     []UICrashType
	PatchedOnly *UIDiffTable
	AffectsBoth *UIDiffTable
	InProgress  *UIDiffTable
	Log         string
}

type UISyscallsData 

type UISyscallsData struct {
	UIPageHeader
	Calls []UICallType
}

type UITextPage 

type UITextPage struct {
	UIPageHeader
	Text []byte
	HTML template.HTML
}

type UIVMData 

type UIVMData struct {
	UIPageHeader
	VMs []UIVMInfo
}

type UIVMInfo 

type UIVMInfo struct {
	Name           string
	State          string
	Since          time.Duration
	MachineInfo    string
	DetailedStatus string
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.